Merge pull request #7449 from valeriosetti/issue7446
Clean up & improve PK write test functions
diff --git a/BRANCHES.md b/BRANCHES.md
index a2ea074..0aaacb0 100644
--- a/BRANCHES.md
+++ b/BRANCHES.md
@@ -23,6 +23,11 @@
compatibility on major version changes (e.g. from 3.x to 4.0). We also maintain
ABI compatibility within LTS branches; see the next section for details.
+Every major version will become an LTS branch when the next major version is
+released. We may occasionally create LTS branches from other releases at our
+discretion.
+When a new LTS branch is created, it usually remains supported for three years.
+
## Backwards Compatibility for application code
We maintain API compatibility in released versions of Mbed TLS. If you have
diff --git a/ChangeLog.d/fix-declaration-of-mbedtls_ecdsa_sign_det_restartable-function.txt b/ChangeLog.d/fix-declaration-of-mbedtls_ecdsa_sign_det_restartable-function.txt
new file mode 100644
index 0000000..c30e074
--- /dev/null
+++ b/ChangeLog.d/fix-declaration-of-mbedtls_ecdsa_sign_det_restartable-function.txt
@@ -0,0 +1,5 @@
+Bugfix
+ * Fix declaration of mbedtls_ecdsa_sign_det_restartable() function
+ in the ecdsa.h header file. There was a build warning when the
+ configuration macro MBEDTLS_ECDSA_SIGN_ALT was defined.
+ Resolves #7407.
diff --git a/ChangeLog.d/verify-ip-sans-properly.txt b/ChangeLog.d/verify-ip-sans-properly.txt
new file mode 100644
index 0000000..00203a8
--- /dev/null
+++ b/ChangeLog.d/verify-ip-sans-properly.txt
@@ -0,0 +1,2 @@
+Features
+ * X.509 hostname verification now supports IPAddress Subject Alternate Names.
diff --git a/docs/proposed/psa-driver-interface.md b/docs/proposed/psa-driver-interface.md
index 0027ec7..cd1b9fc 100644
--- a/docs/proposed/psa-driver-interface.md
+++ b/docs/proposed/psa-driver-interface.md
@@ -474,7 +474,8 @@
* `PSA_JPAKE_X4S_STEP_ZK_PUBLIC` Round 2: input Schnorr NIZKP public key for the X4S key
* `PSA_JPAKE_X4S_STEP_ZK_PROOF` Round 2: input Schnorr NIZKP proof for the X4S key
-The core checks that input_length is smaller than PSA_PAKE_INPUT_MAX_SIZE.
+The core checks that `input_length` is not greater than `PSA_PAKE_INPUT_SIZE(alg, prim, step)` and
+the driver can rely on that.
### PAKE driver get implicit key
diff --git a/include/mbedtls/ecdsa.h b/include/mbedtls/ecdsa.h
index c5d9701..e797c1a 100644
--- a/include/mbedtls/ecdsa.h
+++ b/include/mbedtls/ecdsa.h
@@ -288,6 +288,8 @@
void *p_rng_blind,
mbedtls_ecdsa_restart_ctx *rs_ctx);
+#endif /* !MBEDTLS_ECDSA_SIGN_ALT */
+
#if defined(MBEDTLS_ECDSA_DETERMINISTIC)
/**
@@ -321,6 +323,7 @@
* buffer of length \p blen Bytes. It may be \c NULL if
* \p blen is zero.
* \param blen The length of \p buf in Bytes.
+ * \param md_alg The hash algorithm used to hash the original data.
* \param f_rng_blind The RNG function used for blinding. This must not be
* \c NULL.
* \param p_rng_blind The RNG context to be passed to \p f_rng. This may be
@@ -348,8 +351,6 @@
#endif /* MBEDTLS_ECDSA_DETERMINISTIC */
-#endif /* !MBEDTLS_ECDSA_SIGN_ALT */
-
/**
* \brief This function verifies the ECDSA signature of a
* previously-hashed message.
diff --git a/include/mbedtls/x509_crt.h b/include/mbedtls/x509_crt.h
index 6c86a66..a795183 100644
--- a/include/mbedtls/x509_crt.h
+++ b/include/mbedtls/x509_crt.h
@@ -638,7 +638,7 @@
* \param cn The expected Common Name. This will be checked to be
* present in the certificate's subjectAltNames extension or,
* if this extension is absent, as a CN component in its
- * Subject name. Currently only DNS names are supported. This
+ * Subject name. DNS names and IP addresses are supported. This
* may be \c NULL if the CN need not be verified.
* \param flags The address at which to store the result of the verification.
* If the verification couldn't be completed, the flag value is
diff --git a/include/psa/crypto_extra.h b/include/psa/crypto_extra.h
index e8cecf7..b858180 100644
--- a/include/psa/crypto_extra.h
+++ b/include/psa/crypto_extra.h
@@ -1937,6 +1937,9 @@
*
* This macro must expand to a compile-time constant integer.
*
+ * The value of this macro must be at least as large as the largest value
+ * returned by PSA_PAKE_OUTPUT_SIZE()
+ *
* See also #PSA_PAKE_OUTPUT_SIZE(\p alg, \p primitive, \p step).
*/
#define PSA_PAKE_OUTPUT_MAX_SIZE 65
@@ -1946,6 +1949,9 @@
*
* This macro must expand to a compile-time constant integer.
*
+ * The value of this macro must be at least as large as the largest value
+ * returned by PSA_PAKE_INPUT_SIZE()
+ *
* See also #PSA_PAKE_INPUT_SIZE(\p alg, \p primitive, \p step).
*/
#define PSA_PAKE_INPUT_MAX_SIZE 65
@@ -1958,7 +1964,7 @@
/** Returns a suitable initializer for a PAKE operation object of type
* psa_pake_operation_t.
*/
-#define PSA_PAKE_OPERATION_INIT { 0, PSA_ALG_NONE, PSA_PAKE_OPERATION_STAGE_SETUP, \
+#define PSA_PAKE_OPERATION_INIT { 0, PSA_ALG_NONE, 0, PSA_PAKE_OPERATION_STAGE_SETUP, \
{ 0 }, { { 0 } } }
struct psa_pake_cipher_suite_s {
@@ -2104,6 +2110,8 @@
unsigned int MBEDTLS_PRIVATE(id);
/* Algorithm of the PAKE operation */
psa_algorithm_t MBEDTLS_PRIVATE(alg);
+ /* A primitive of type compatible with algorithm */
+ psa_pake_primitive_t MBEDTLS_PRIVATE(primitive);
/* Stage of the PAKE operation: waiting for the setup, collecting inputs
* or computing. */
uint8_t MBEDTLS_PRIVATE(stage);
diff --git a/library/ecp_curves.c b/library/ecp_curves.c
index 5d72245..1376f5d 100644
--- a/library/ecp_curves.c
+++ b/library/ecp_curves.c
@@ -4608,9 +4608,13 @@
#endif
#if defined(MBEDTLS_ECP_DP_SECP192K1_ENABLED)
static int ecp_mod_p192k1(mbedtls_mpi *);
+MBEDTLS_STATIC_TESTABLE
+int mbedtls_ecp_mod_p192k1(mbedtls_mpi *);
#endif
#if defined(MBEDTLS_ECP_DP_SECP224K1_ENABLED)
static int ecp_mod_p224k1(mbedtls_mpi *);
+MBEDTLS_STATIC_TESTABLE
+int mbedtls_ecp_mod_p224k1(mbedtls_mpi *);
#endif
#if defined(MBEDTLS_ECP_DP_SECP256K1_ENABLED)
static int ecp_mod_p256k1(mbedtls_mpi *);
@@ -5605,6 +5609,12 @@
*/
static int ecp_mod_p192k1(mbedtls_mpi *N)
{
+ return mbedtls_ecp_mod_p192k1(N);
+}
+
+MBEDTLS_STATIC_TESTABLE
+int mbedtls_ecp_mod_p192k1(mbedtls_mpi *N)
+{
static mbedtls_mpi_uint Rp[] = {
MBEDTLS_BYTES_TO_T_UINT_8(0xC9, 0x11, 0x00, 0x00, 0x01, 0x00, 0x00,
0x00)
@@ -5616,11 +5626,18 @@
#endif /* MBEDTLS_ECP_DP_SECP192K1_ENABLED */
#if defined(MBEDTLS_ECP_DP_SECP224K1_ENABLED)
+
+static int ecp_mod_p224k1(mbedtls_mpi *N)
+{
+ return mbedtls_ecp_mod_p224k1(N);
+}
+
/*
* Fast quasi-reduction modulo p224k1 = 2^224 - R,
* with R = 2^32 + 2^12 + 2^11 + 2^9 + 2^7 + 2^4 + 2 + 1 = 0x0100001A93
*/
-static int ecp_mod_p224k1(mbedtls_mpi *N)
+MBEDTLS_STATIC_TESTABLE
+int mbedtls_ecp_mod_p224k1(mbedtls_mpi *N)
{
static mbedtls_mpi_uint Rp[] = {
MBEDTLS_BYTES_TO_T_UINT_8(0x93, 0x1A, 0x00, 0x00, 0x01, 0x00, 0x00,
diff --git a/library/ecp_invasive.h b/library/ecp_invasive.h
index f853b96..b7cd6e2 100644
--- a/library/ecp_invasive.h
+++ b/library/ecp_invasive.h
@@ -169,6 +169,23 @@
#endif /* MBEDTLS_ECP_DP_SECP384R1_ENABLED */
+#if defined(MBEDTLS_ECP_DP_SECP192K1_ENABLED)
+
+/*
+ * Fast quasi-reduction modulo p192k1 = 2^192 - R,
+ * with R = 2^32 + 2^12 + 2^8 + 2^7 + 2^6 + 2^3 + 1 = 0x0100001119
+ */
+MBEDTLS_STATIC_TESTABLE
+int mbedtls_ecp_mod_p192k1(mbedtls_mpi *N);
+
+#endif /* MBEDTLS_ECP_DP_SECP192K1_ENABLED */
+#if defined(MBEDTLS_ECP_DP_SECP224K1_ENABLED)
+
+MBEDTLS_STATIC_TESTABLE
+int mbedtls_ecp_mod_p224k1(mbedtls_mpi *N);
+
+#endif /* MBEDTLS_ECP_DP_SECP224K1_ENABLED */
+
/** Initialise a modulus with hard-coded const curve data.
*
* \note The caller is responsible for the \p N modulus' memory.
diff --git a/library/psa_crypto.c b/library/psa_crypto.c
index a89b5ff..20918bc 100644
--- a/library/psa_crypto.c
+++ b/library/psa_crypto.c
@@ -7316,6 +7316,8 @@
memset(&operation->data.inputs, 0, sizeof(operation->data.inputs));
operation->alg = cipher_suite->algorithm;
+ operation->primitive = PSA_PAKE_PRIMITIVE(cipher_suite->type,
+ cipher_suite->family, cipher_suite->bits);
operation->data.inputs.cipher_suite = *cipher_suite;
#if defined(PSA_WANT_ALG_JPAKE)
@@ -7900,6 +7902,9 @@
{
psa_status_t status = PSA_ERROR_CORRUPTION_DETECTED;
psa_crypto_driver_pake_step_t driver_step = PSA_JPAKE_STEP_INVALID;
+ const size_t max_input_length = (size_t) PSA_PAKE_INPUT_SIZE(operation->alg,
+ operation->primitive,
+ step);
if (operation->stage == PSA_PAKE_OPERATION_STAGE_COLLECT_INPUTS) {
status = psa_pake_complete_inputs(operation);
@@ -7913,7 +7918,7 @@
goto exit;
}
- if (input_length == 0 || input_length > PSA_PAKE_INPUT_MAX_SIZE) {
+ if (input_length == 0 || input_length > max_input_length) {
status = PSA_ERROR_INVALID_ARGUMENT;
goto exit;
}
diff --git a/library/x509_crt.c b/library/x509_crt.c
index faf8623..874d8f6 100644
--- a/library/x509_crt.c
+++ b/library/x509_crt.c
@@ -49,6 +49,7 @@
#include "mbedtls/psa_util.h"
#endif /* MBEDTLS_USE_PSA_CRYPTO */
#include "hash_info.h"
+#include "x509_invasive.h"
#include "mbedtls/platform.h"
@@ -58,6 +59,10 @@
#if defined(MBEDTLS_HAVE_TIME)
#if defined(_WIN32) && !defined(EFIX64) && !defined(EFI32)
+#define WIN32_LEAN_AND_MEAN
+#ifndef _WIN32_WINNT
+#define _WIN32_WINNT 0x0600
+#endif
#include <windows.h>
#else
#include <time.h>
@@ -2524,6 +2529,194 @@
}
}
+#ifdef _WIN32
+#ifdef _MSC_VER
+#pragma comment(lib, "ws2_32.lib")
+#include <winsock2.h>
+#include <ws2tcpip.h>
+#elif (defined(__MINGW32__) || defined(__MINGW64__)) && _WIN32_WINNT >= 0x0600
+#include <winsock2.h>
+#include <ws2tcpip.h>
+#endif
+#elif defined(__sun)
+/* Solaris requires -lsocket -lnsl for inet_pton() */
+#elif defined(__has_include)
+#if __has_include(<sys/socket.h>)
+#include <sys/socket.h>
+#endif
+#if __has_include(<arpa/inet.h>)
+#include <arpa/inet.h>
+#endif
+#endif
+
+/* Use whether or not AF_INET6 is defined to indicate whether or not to use
+ * the platform inet_pton() or a local implementation (below). The local
+ * implementation may be used even in cases where the platform provides
+ * inet_pton(), e.g. when there are different includes required and/or the
+ * platform implementation requires dependencies on additional libraries.
+ * Specifically, Windows requires custom includes and additional link
+ * dependencies, and Solaris requires additional link dependencies.
+ * Also, as a coarse heuristic, use the local implementation if the compiler
+ * does not support __has_include(), or if the definition of AF_INET6 is not
+ * provided by headers included (or not) via __has_include() above.
+ * MBEDTLS_TEST_SW_INET_PTON is a bypass define to force testing of this code //no-check-names
+ * despite having a platform that has inet_pton. */
+#if !defined(AF_INET6) || defined(MBEDTLS_TEST_SW_INET_PTON) //no-check-names
+/* Definition located further below to possibly reduce compiler inlining */
+static int x509_inet_pton_ipv4(const char *src, void *dst);
+
+#define li_cton(c, n) \
+ (((n) = (c) - '0') <= 9 || (((n) = ((c)&0xdf) - 'A') <= 5 ? ((n) += 10) : 0))
+
+static int x509_inet_pton_ipv6(const char *src, void *dst)
+{
+ const unsigned char *p = (const unsigned char *) src;
+ int nonzero_groups = 0, num_digits, zero_group_start = -1;
+ uint16_t addr[8];
+ do {
+ /* note: allows excess leading 0's, e.g. 1:0002:3:... */
+ uint16_t group = num_digits = 0;
+ for (uint8_t digit; num_digits < 4; num_digits++) {
+ if (li_cton(*p, digit) == 0) {
+ break;
+ }
+ group = (group << 4) | digit;
+ p++;
+ }
+ if (num_digits != 0) {
+ addr[nonzero_groups++] = MBEDTLS_IS_BIG_ENDIAN ? group :
+ (group << 8) | (group >> 8);
+ if (*p == '\0') {
+ break;
+ } else if (*p == '.') {
+ /* Don't accept IPv4 too early or late */
+ if ((nonzero_groups == 0 && zero_group_start == -1) ||
+ nonzero_groups >= 7) {
+ break;
+ }
+
+ /* Walk back to prior ':', then parse as IPv4-mapped */
+ int steps = 4;
+ do {
+ p--;
+ steps--;
+ } while (*p != ':' && steps > 0);
+
+ if (*p != ':') {
+ break;
+ }
+ p++;
+ nonzero_groups--;
+ if (x509_inet_pton_ipv4((const char *) p,
+ addr + nonzero_groups) != 0) {
+ break;
+ }
+
+ nonzero_groups += 2;
+ p = (const unsigned char *) "";
+ break;
+ } else if (*p != ':') {
+ return -1;
+ }
+ } else {
+ /* Don't accept a second zero group or an invalid delimiter */
+ if (zero_group_start != -1 || *p != ':') {
+ return -1;
+ }
+ zero_group_start = nonzero_groups;
+
+ /* Accept a zero group at start, but it has to be a double colon */
+ if (zero_group_start == 0 && *++p != ':') {
+ return -1;
+ }
+
+ if (p[1] == '\0') {
+ ++p;
+ break;
+ }
+ }
+ ++p;
+ } while (nonzero_groups < 8);
+
+ if (*p != '\0') {
+ return -1;
+ }
+
+ if (zero_group_start != -1) {
+ if (nonzero_groups > 6) {
+ return -1;
+ }
+ int zero_groups = 8 - nonzero_groups;
+ int groups_after_zero = nonzero_groups - zero_group_start;
+
+ /* Move the non-zero part to after the zeroes */
+ if (groups_after_zero) {
+ memmove(addr + zero_group_start + zero_groups,
+ addr + zero_group_start,
+ groups_after_zero * sizeof(*addr));
+ }
+ memset(addr + zero_group_start, 0, zero_groups * sizeof(*addr));
+ } else {
+ if (nonzero_groups != 8) {
+ return -1;
+ }
+ }
+ memcpy(dst, addr, sizeof(addr));
+ return 0;
+}
+
+static int x509_inet_pton_ipv4(const char *src, void *dst)
+{
+ /* note: allows leading 0's, e.g. 000.000.000.000 */
+ const unsigned char *p = (const unsigned char *) src;
+ uint8_t *res = (uint8_t *) dst;
+ uint8_t digit, num_digits = 0;
+ uint8_t num_octets = 0;
+ uint16_t octet;
+
+ do {
+ octet = num_digits = 0;
+ do {
+ digit = *p - '0';
+ if (digit > 9) {
+ break;
+ }
+ octet = octet * 10 + digit;
+ num_digits++;
+ p++;
+ } while (num_digits < 3);
+
+ if (octet >= 256 || num_digits > 3 || num_digits == 0) {
+ break;
+ }
+ *res++ = (uint8_t) octet;
+ num_octets++;
+ } while (num_octets < 4 && *p++ == '.');
+ return num_octets == 4 && *p == '\0' ? 0 : -1;
+}
+
+#else
+
+static int x509_inet_pton_ipv6(const char *src, void *dst)
+{
+ return inet_pton(AF_INET6, src, dst) == 1 ? 0 : -1;
+}
+
+static int x509_inet_pton_ipv4(const char *src, void *dst)
+{
+ return inet_pton(AF_INET, src, dst) == 1 ? 0 : -1;
+}
+
+#endif /* !AF_INET6 || MBEDTLS_TEST_SW_INET_PTON */ //no-check-names
+
+MBEDTLS_STATIC_TESTABLE
+size_t mbedtls_x509_crt_parse_cn_inet_pton(const char *cn, void *dst)
+{
+ return strchr(cn, ':') == NULL
+ ? x509_inet_pton_ipv4(cn, dst) == 0 ? 4 : 0
+ : x509_inet_pton_ipv6(cn, dst) == 0 ? 16 : 0;
+}
+
/*
* Check for CN match
*/
@@ -2544,24 +2737,51 @@
return -1;
}
+static int x509_crt_check_san_ip(const mbedtls_x509_sequence *san,
+ const char *cn, size_t cn_len)
+{
+ uint32_t ip[4];
+ cn_len = mbedtls_x509_crt_parse_cn_inet_pton(cn, ip);
+ if (cn_len == 0) {
+ return -1;
+ }
+
+ for (const mbedtls_x509_sequence *cur = san; cur != NULL; cur = cur->next) {
+ const unsigned char san_type = (unsigned char) cur->buf.tag &
+ MBEDTLS_ASN1_TAG_VALUE_MASK;
+ if (san_type == MBEDTLS_X509_SAN_IP_ADDRESS &&
+ cur->buf.len == cn_len && memcmp(cur->buf.p, ip, cn_len) == 0) {
+ return 0;
+ }
+ }
+
+ return -1;
+}
+
/*
* Check for SAN match, see RFC 5280 Section 4.2.1.6
*/
-static int x509_crt_check_san(const mbedtls_x509_buf *name,
+static int x509_crt_check_san(const mbedtls_x509_sequence *san,
const char *cn, size_t cn_len)
{
- const unsigned char san_type = (unsigned char) name->tag &
- MBEDTLS_ASN1_TAG_VALUE_MASK;
-
- /* dNSName */
- if (san_type == MBEDTLS_X509_SAN_DNS_NAME) {
- return x509_crt_check_cn(name, cn, cn_len);
+ int san_ip = 0;
+ for (const mbedtls_x509_sequence *cur = san; cur != NULL; cur = cur->next) {
+ switch ((unsigned char) cur->buf.tag & MBEDTLS_ASN1_TAG_VALUE_MASK) {
+ case MBEDTLS_X509_SAN_DNS_NAME: /* dNSName */
+ if (x509_crt_check_cn(&cur->buf, cn, cn_len) == 0) {
+ return 0;
+ }
+ break;
+ case MBEDTLS_X509_SAN_IP_ADDRESS: /* iPAddress */
+ san_ip = 1;
+ break;
+ /* (We may handle other types here later.) */
+ default: /* Unrecognized type */
+ break;
+ }
}
- /* (We may handle other types here later.) */
-
- /* Unrecognized type */
- return -1;
+ return san_ip ? x509_crt_check_san_ip(san, cn, cn_len) : -1;
}
/*
@@ -2572,31 +2792,23 @@
uint32_t *flags)
{
const mbedtls_x509_name *name;
- const mbedtls_x509_sequence *cur;
size_t cn_len = strlen(cn);
if (crt->ext_types & MBEDTLS_X509_EXT_SUBJECT_ALT_NAME) {
- for (cur = &crt->subject_alt_names; cur != NULL; cur = cur->next) {
- if (x509_crt_check_san(&cur->buf, cn, cn_len) == 0) {
- break;
- }
- }
-
- if (cur == NULL) {
- *flags |= MBEDTLS_X509_BADCERT_CN_MISMATCH;
+ if (x509_crt_check_san(&crt->subject_alt_names, cn, cn_len) == 0) {
+ return;
}
} else {
for (name = &crt->subject; name != NULL; name = name->next) {
if (MBEDTLS_OID_CMP(MBEDTLS_OID_AT_CN, &name->oid) == 0 &&
x509_crt_check_cn(&name->val, cn, cn_len) == 0) {
- break;
+ return;
}
}
- if (name == NULL) {
- *flags |= MBEDTLS_X509_BADCERT_CN_MISMATCH;
- }
}
+
+ *flags |= MBEDTLS_X509_BADCERT_CN_MISMATCH;
}
/*
diff --git a/library/x509_invasive.h b/library/x509_invasive.h
new file mode 100644
index 0000000..d8fd74b
--- /dev/null
+++ b/library/x509_invasive.h
@@ -0,0 +1,53 @@
+/**
+ * \file x509_invasive.h
+ *
+ * \brief x509 module: interfaces for invasive testing only.
+ *
+ * The interfaces in this file are intended for testing purposes only.
+ * They SHOULD NOT be made available in library integrations except when
+ * building the library for testing.
+ */
+/*
+ * Copyright The Mbed TLS Contributors
+ * SPDX-License-Identifier: Apache-2.0
+ *
+ * Licensed under the Apache License, Version 2.0 (the "License"); you may
+ * not use this file except in compliance with the License.
+ * You may obtain a copy of the License at
+ *
+ * http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the License is distributed on an "AS IS" BASIS, WITHOUT
+ * WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the License for the specific language governing permissions and
+ * limitations under the License.
+ */
+
+#ifndef MBEDTLS_X509_INVASIVE_H
+#define MBEDTLS_X509_INVASIVE_H
+
+#include "common.h"
+
+#if defined(MBEDTLS_TEST_HOOKS)
+
+/**
+ * \brief This function parses a CN string as an IP address.
+ *
+ * \param cn The CN string to parse. CN string MUST be NUL-terminated.
+ * \param dst The target buffer to populate with the binary IP address.
+ * The buffer MUST be 16 bytes to save IPv6, and should be
+ * 4-byte aligned if the result will be used as struct in_addr.
+ * e.g. uint32_t dst[4]
+ *
+ * \note \cn is parsed as an IPv6 address if string contains ':',
+ * else \cn is parsed as an IPv4 address.
+ *
+ * \return Length of binary IP address; num bytes written to target.
+ * \return \c 0 on failure to parse CN string as an IP address.
+ */
+size_t mbedtls_x509_crt_parse_cn_inet_pton(const char *cn, void *dst);
+
+#endif /* MBEDTLS_TEST_HOOKS */
+
+#endif /* MBEDTLS_X509_INVASIVE_H */
diff --git a/scripts/mbedtls_dev/ecp.py b/scripts/mbedtls_dev/ecp.py
index d1d23c1..94ecdfe 100644
--- a/scripts/mbedtls_dev/ecp.py
+++ b/scripts/mbedtls_dev/ecp.py
@@ -488,3 +488,132 @@
def arguments(self):
args = super().arguments()
return ["MBEDTLS_ECP_DP_SECP521R1"] + args
+
+
+class EcpP192K1Raw(bignum_common.ModOperationCommon,
+ EcpTarget):
+ """Test cases for ECP P192K1 fast reduction."""
+ symbol = "-"
+ test_function = "ecp_mod_p192k1"
+ test_name = "ecp_mod_p192k1"
+ input_style = "fixed"
+ arity = 1
+ dependencies = ["MBEDTLS_ECP_DP_SECP192K1_ENABLED"]
+
+ moduli = ["fffffffffffffffffffffffffffffffffffffffeffffee37"] # type: List[str]
+
+ input_values = [
+ "0", "1",
+
+ # Modulus - 1
+ "fffffffffffffffffffffffffffffffffffffffeffffee36",
+
+ # Modulus + 1
+ "fffffffffffffffffffffffffffffffffffffffeffffee38",
+
+ # 2^192 - 1
+ "ffffffffffffffffffffffffffffffffffffffffffffffff",
+
+ # Maximum canonical P192K1 multiplication result
+ ("fffffffffffffffffffffffffffffffffffffffdffffdc6c"
+ "0000000000000000000000000000000100002394013c7364"),
+
+ # First 8 number generated by random.getrandbits(384) - seed(2,2)
+ ("cf1822ffbc6887782b491044d5e341245c6e433715ba2bdd"
+ "177219d30e7a269fd95bafc8f2a4d27bdcf4bb99f4bea973"),
+ ("ffed9235288bc781ae66267594c9c9500925e4749b575bd1"
+ "3653f8dd9b1f282e4067c3584ee207f8da94e3e8ab73738f"),
+ ("ef8acd128b4f2fc15f3f57ebf30b94fa82523e86feac7eb7"
+ "dc38f519b91751dacdbd47d364be8049a372db8f6e405d93"),
+ ("e8624fab5186ee32ee8d7ee9770348a05d300cb90706a045"
+ "defc044a09325626e6b58de744ab6cce80877b6f71e1f6d2"),
+ ("2d3d854e061b90303b08c6e33c7295782d6c797f8f7d9b78"
+ "2a1be9cd8697bbd0e2520e33e44c50556c71c4a66148a86f"),
+ ("fec3f6b32e8d4b8a8f54f8ceacaab39e83844b40ffa9b9f1"
+ "5c14bc4a829e07b0829a48d422fe99a22c70501e533c9135"),
+ ("97eeab64ca2ce6bc5d3fd983c34c769fe89204e2e8168561"
+ "867e5e15bc01bfce6a27e0dfcbf8754472154e76e4c11ab2"),
+ ("bd143fa9b714210c665d7435c1066932f4767f26294365b2"
+ "721dea3bf63f23d0dbe53fcafb2147df5ca495fa5a91c89b"),
+
+ # Next 2 number generated by random.getrandbits(192)
+ "47733e847d718d733ff98ff387c56473a7a83ee0761ebfd2",
+ "cbd4d3e2d4dec9ef83f0be4e80371eb97f81375eecc1cb63"
+ ]
+
+ @property
+ def arg_a(self) -> str:
+ return super().format_arg('{:x}'.format(self.int_a)).zfill(2 * self.hex_digits)
+
+ def result(self) -> List[str]:
+ result = self.int_a % self.int_n
+ return [self.format_result(result)]
+
+ @property
+ def is_valid(self) -> bool:
+ return True
+
+
+class EcpP224K1Raw(bignum_common.ModOperationCommon,
+ EcpTarget):
+ """Test cases for ECP P224 fast reduction."""
+ symbol = "-"
+ test_function = "ecp_mod_p224k1"
+ test_name = "ecp_mod_p224k1"
+ input_style = "fixed"
+ arity = 1
+ dependencies = ["MBEDTLS_ECP_DP_SECP224K1_ENABLED"]
+
+ moduli = ["fffffffffffffffffffffffffffffffffffffffffffffffeffffe56d"] # type: List[str]
+
+ input_values = [
+ "0", "1",
+
+ # Modulus - 1
+ "fffffffffffffffffffffffffffffffffffffffffffffffeffffe56c",
+
+ # Modulus + 1
+ "fffffffffffffffffffffffffffffffffffffffffffffffeffffe56e",
+
+ # 2^224 - 1
+ "ffffffffffffffffffffffffffffffffffffffffffffffffffffffff",
+
+ # Maximum canonical P224 multiplication result
+ ("fffffffffffffffffffffffffffffffffffffffffffffffdffffcad8"
+ "00000000000000000000000000000000000000010000352802c26590"),
+
+ # First 8 number generated by random.getrandbits(448) - seed(2,2)
+ ("da94e3e8ab73738fcf1822ffbc6887782b491044d5e341245c6e4337"
+ "15ba2bdd177219d30e7a269fd95bafc8f2a4d27bdcf4bb99f4bea973"),
+ ("cdbd47d364be8049a372db8f6e405d93ffed9235288bc781ae662675"
+ "94c9c9500925e4749b575bd13653f8dd9b1f282e4067c3584ee207f8"),
+ ("defc044a09325626e6b58de744ab6cce80877b6f71e1f6d2ef8acd12"
+ "8b4f2fc15f3f57ebf30b94fa82523e86feac7eb7dc38f519b91751da"),
+ ("2d6c797f8f7d9b782a1be9cd8697bbd0e2520e33e44c50556c71c4a6"
+ "6148a86fe8624fab5186ee32ee8d7ee9770348a05d300cb90706a045"),
+ ("8f54f8ceacaab39e83844b40ffa9b9f15c14bc4a829e07b0829a48d4"
+ "22fe99a22c70501e533c91352d3d854e061b90303b08c6e33c729578"),
+ ("97eeab64ca2ce6bc5d3fd983c34c769fe89204e2e8168561867e5e15"
+ "bc01bfce6a27e0dfcbf8754472154e76e4c11ab2fec3f6b32e8d4b8a"),
+ ("a7a83ee0761ebfd2bd143fa9b714210c665d7435c1066932f4767f26"
+ "294365b2721dea3bf63f23d0dbe53fcafb2147df5ca495fa5a91c89b"),
+ ("74667bffe202849da9643a295a9ac6decbd4d3e2d4dec9ef83f0be4e"
+ "80371eb97f81375eecc1cb6347733e847d718d733ff98ff387c56473"),
+
+ # Next 2 number generated by random.getrandbits(224)
+ ("eb9ac688b9d39cca91551e8259cc60b17604e4b4e73695c3e652c71a"),
+ ("f0caeef038c89b38a8acb5137c9260dc74e088a9b9492f258ebdbfe3"),
+ ]
+
+ @property
+ def arg_a(self) -> str:
+ hex_digits = bignum_common.hex_digits_for_limb(448 // self.bits_in_limb, self.bits_in_limb)
+ return super().format_arg('{:x}'.format(self.int_a)).zfill(hex_digits)
+
+ def result(self) -> List[str]:
+ result = self.int_a % self.int_n
+ return [self.format_result(result)]
+
+ @property
+ def is_valid(self) -> bool:
+ return True
diff --git a/tests/scripts/all.sh b/tests/scripts/all.sh
index dcc844c..f877684 100755
--- a/tests/scripts/all.sh
+++ b/tests/scripts/all.sh
@@ -1219,6 +1219,17 @@
tests/ssl-opt.sh -f 'Default\|opaque'
}
+component_test_sw_inet_pton () {
+ msg "build: default plus MBEDTLS_TEST_SW_INET_PTON"
+
+ # MBEDTLS_TEST_HOOKS required for x509_crt_parse_cn_inet_pton
+ scripts/config.py set MBEDTLS_TEST_HOOKS
+ make CFLAGS="-DMBEDTLS_TEST_SW_INET_PTON"
+
+ msg "test: default plus MBEDTLS_TEST_SW_INET_PTON"
+ make test
+}
+
component_test_crypto_full_md_light_only () {
msg "build: crypto_full with only the light subset of MD"
scripts/config.py crypto_full
@@ -2289,6 +2300,140 @@
tests/ssl-opt.sh
}
+# This helper function is used by:
+# - component_test_psa_crypto_full_accel_all_ec_algs_no_ecp_use_psa()
+# - component_test_psa_crypto_full_reference_all_ec_algs_no_ecp_use_psa()
+# to ensure that both tests use the same underlying configuration when testing
+# driver's coverage with analyze_outcomes.py.
+#
+# This functions accepts 1 boolean parameter as follows:
+# - 1: building with accelerated EC algorithms (ECDSA, ECDH, ECJPAKE), therefore
+# excluding their built-in implementation as well as ECP_C & ECP_LIGHT
+# - 0: include built-in implementation of EC algorithms.
+#
+# PK_C and RSA_C are always disabled to ensure there is no remaining dependency
+# on the ECP module.
+config_psa_crypto_full_all_ec_algs_no_ecp_use_psa () {
+ DRIVER_ONLY="$1"
+ # start with crypto_full config for maximum coverage (also enables USE_PSA),
+ # but excluding X509, TLS and key exchanges
+ scripts/config.py crypto_full
+ # enable support for drivers and configuring PSA-only algorithms
+ scripts/config.py set MBEDTLS_PSA_CRYPTO_CONFIG
+ if [ "$DRIVER_ONLY" -eq 1 ]; then
+ # Disable modules that are accelerated
+ scripts/config.py unset MBEDTLS_ECDSA_C
+ scripts/config.py unset MBEDTLS_ECDH_C
+ scripts/config.py unset MBEDTLS_ECJPAKE_C
+ # Disable ECP module (entirely)
+ scripts/config.py unset MBEDTLS_ECP_C
+ scripts/config.py unset MBEDTLS_ECP_LIGHT
+ fi
+
+ # Disable PK module since it depends on ECP
+ scripts/config.py unset MBEDTLS_PK_C
+ scripts/config.py unset MBEDTLS_PK_PARSE_C
+ scripts/config.py unset MBEDTLS_PK_WRITE_C
+ # Disable also RSA_C that would re-enable PK
+ scripts/config.py unset MBEDTLS_RSA_C
+ scripts/config.py unset MBEDTLS_PKCS1_V15
+ scripts/config.py unset MBEDTLS_PKCS1_V21
+ scripts/config.py unset MBEDTLS_X509_RSASSA_PSS_SUPPORT
+ # Disable also key exchanges that depend on RSA for completeness
+ scripts/config.py unset MBEDTLS_KEY_EXCHANGE_RSA_PSK_ENABLED
+ scripts/config.py unset MBEDTLS_KEY_EXCHANGE_RSA_ENABLED
+ scripts/config.py unset MBEDTLS_KEY_EXCHANGE_DHE_RSA_ENABLED
+ scripts/config.py unset MBEDTLS_KEY_EXCHANGE_ECDHE_RSA_ENABLED
+ scripts/config.py unset MBEDTLS_KEY_EXCHANGE_ECDH_RSA_ENABLED
+
+ # Restartable feature is not yet supported by PSA. Once it will in
+ # the future, the following line could be removed (see issues
+ # 6061, 6332 and following ones)
+ scripts/config.py unset MBEDTLS_ECP_RESTARTABLE
+ # Dynamic secure element support is a deprecated feature and needs to be disabled here.
+ # This is done to have the same form of psa_key_attributes_s for libdriver and library.
+ scripts/config.py unset MBEDTLS_PSA_CRYPTO_SE_C
+
+ # Disable ALG_STREAM_CIPHER and ALG_ECB_NO_PADDING to avoid having
+ # partial support for cipher operations in the driver test library.
+ scripts/config.py -f include/psa/crypto_config.h unset PSA_WANT_ALG_STREAM_CIPHER
+ scripts/config.py -f include/psa/crypto_config.h unset PSA_WANT_ALG_ECB_NO_PADDING
+
+ # Disable PSA_WANT symbols that would re-enable PK
+ scripts/config.py -f include/psa/crypto_config.h unset PSA_WANT_KEY_TYPE_RSA_KEY_PAIR
+ scripts/config.py -f include/psa/crypto_config.h unset PSA_WANT_KEY_TYPE_RSA_PUBLIC_KEY
+ for ALG in $(sed -n 's/^#define \(PSA_WANT_ALG_RSA_[0-9A-Z_a-z]*\).*/\1/p' <"$CRYPTO_CONFIG_H"); do
+ scripts/config.py -f include/psa/crypto_config.h unset $ALG
+ done
+}
+
+# Build and test a configuration where driver accelerates all EC algs while
+# all support and dependencies from ECP and ECP_LIGHT are removed on the library
+# side.
+#
+# Keep in sync with component_test_psa_crypto_full_reference_all_ec_algs_no_ecp_use_psa()
+component_test_psa_crypto_full_accel_all_ec_algs_no_ecp_use_psa () {
+ msg "build: crypto_full + accelerated EC algs + USE_PSA - ECP"
+
+ # Algorithms and key types to accelerate
+ loc_accel_list="ALG_ECDSA ALG_DETERMINISTIC_ECDSA \
+ ALG_ECDH \
+ ALG_JPAKE \
+ KEY_TYPE_ECC_KEY_PAIR KEY_TYPE_ECC_PUBLIC_KEY"
+
+ # Set common configurations between library's and driver's builds
+ config_psa_crypto_full_all_ec_algs_no_ecp_use_psa 1
+
+ # Configure and build the test driver library
+ # -------------------------------------------
+
+ # Things we wanted supported in libtestdriver1, but not accelerated in the main library:
+ # SHA-1 and all SHA-2 variants, as they are used by ECDSA deterministic.
+ loc_extra_list="ALG_SHA_1 ALG_SHA_224 ALG_SHA_256 ALG_SHA_384 ALG_SHA_512"
+ loc_accel_flags=$( echo "$loc_accel_list $loc_extra_list" | sed 's/[^ ]* */-DLIBTESTDRIVER1_MBEDTLS_PSA_ACCEL_&/g' )
+ make -C tests libtestdriver1.a CFLAGS="$ASAN_CFLAGS $loc_accel_flags" LDFLAGS="$ASAN_CFLAGS"
+
+ # Configure and build the main libraries with drivers enabled
+ # -----------------------------------------------------------
+
+ # Build the library
+ loc_accel_flags="$loc_accel_flags $( echo "$loc_accel_list" | sed 's/[^ ]* */-DMBEDTLS_PSA_ACCEL_&/g' )"
+ loc_symbols="-DPSA_CRYPTO_DRIVER_TEST \
+ -DMBEDTLS_TEST_LIBTESTDRIVER1"
+ make CFLAGS="$ASAN_CFLAGS -Werror -I../tests/include -I../tests -I../../tests $loc_symbols $loc_accel_flags" LDFLAGS="-ltestdriver1 $ASAN_CFLAGS"
+
+ # Make sure any built-in EC alg was not re-enabled by accident (additive config)
+ not grep mbedtls_ecdsa_ library/ecdsa.o
+ not grep mbedtls_ecdh_ library/ecdh.o
+ not grep mbedtls_ecjpake_ library/ecjpake.o
+ # Also ensure that ECP or RSA modules were not re-enabled
+ not grep mbedtls_ecp_ library/ecp.o
+ not grep mbedtls_rsa_ library/rsa.o
+
+ # Run the tests
+ # -------------
+
+ msg "test suites: crypto_full + accelerated EC algs + USE_PSA - ECP"
+ make test
+}
+
+# Reference function used for driver's coverage analysis in analyze_outcomes.py
+# in conjunction with component_test_psa_crypto_full_accel_all_ec_algs_no_ecp_use_psa().
+# Keep in sync with its accelerated counterpart.
+component_test_psa_crypto_full_reference_all_ec_algs_no_ecp_use_psa () {
+ msg "build: crypto_full + non accelerated EC algs + USE_PSA"
+
+ config_psa_crypto_full_all_ec_algs_no_ecp_use_psa 0
+
+ make
+
+ # Esure that the RSA module was not re-enabled
+ not grep mbedtls_rsa_ library/rsa.o
+
+ msg "test suites: crypto_full + non accelerated EC algs + USE_PSA"
+ make test
+}
+
# Helper function used in:
# - component_test_psa_crypto_config_accel_all_curves_except_p192
# - component_test_psa_crypto_config_accel_all_curves_except_x25519
diff --git a/tests/scripts/analyze_outcomes.py b/tests/scripts/analyze_outcomes.py
index 1eefe31..293459b 100755
--- a/tests/scripts/analyze_outcomes.py
+++ b/tests/scripts/analyze_outcomes.py
@@ -251,6 +251,41 @@
}
}
},
+ 'analyze_driver_vs_reference_all_ec_algs_no_ecp': {
+ 'test_function': do_analyze_driver_vs_reference,
+ 'args': {
+ 'component_ref': 'test_psa_crypto_full_reference_all_ec_algs_no_ecp_use_psa',
+ 'component_driver': 'test_psa_crypto_full_accel_all_ec_algs_no_ecp_use_psa',
+ 'ignored_suites': [
+ # Ignore test suites for the modules that are disabled in the
+ # accelerated test case.
+ 'ecp',
+ 'ecdsa',
+ 'ecdh',
+ 'ecjpake',
+ ],
+ 'ignored_tests': {
+ 'test_suite_random': [
+ 'PSA classic wrapper: ECDSA signature (SECP256R1)',
+ ],
+ 'test_suite_psa_crypto': [
+ 'PSA key derivation: HKDF-SHA-256 -> ECC secp256r1',
+ 'PSA key derivation: HKDF-SHA-256 -> ECC secp256r1 (1 redraw)',
+ 'PSA key derivation: HKDF-SHA-256 -> ECC secp256r1, exercise ECDSA',
+ 'PSA key derivation: HKDF-SHA-256 -> ECC secp384r1',
+ 'PSA key derivation: HKDF-SHA-256 -> ECC secp521r1 #0',
+ 'PSA key derivation: HKDF-SHA-256 -> ECC secp521r1 #1',
+ 'PSA key derivation: bits=7 invalid for ECC BRAINPOOL_P_R1 (ECC enabled)',
+ 'PSA key derivation: bits=7 invalid for ECC SECP_K1 (ECC enabled)',
+ 'PSA key derivation: bits=7 invalid for ECC SECP_R1 (ECC enabled)',
+ 'PSA key derivation: bits=7 invalid for ECC SECP_R2 (ECC enabled)',
+ 'PSA key derivation: bits=7 invalid for ECC SECT_K1 (ECC enabled)',
+ 'PSA key derivation: bits=7 invalid for ECC SECT_R1 (ECC enabled)',
+ 'PSA key derivation: bits=7 invalid for ECC SECT_R2 (ECC enabled)',
+ ]
+ }
+ }
+ },
}
def main():
diff --git a/tests/src/psa_exercise_key.c b/tests/src/psa_exercise_key.c
index 6c3d06f..2656deb 100644
--- a/tests/src/psa_exercise_key.c
+++ b/tests/src/psa_exercise_key.c
@@ -727,14 +727,12 @@
} else
#endif /* MBEDTLS_ASN1_PARSE_C */
-#if defined(MBEDTLS_ECP_LIGHT)
if (PSA_KEY_TYPE_IS_ECC_KEY_PAIR(type)) {
/* Just the secret value */
TEST_EQUAL(exported_length, PSA_BITS_TO_BYTES(bits));
TEST_ASSERT(exported_length <= PSA_EXPORT_KEY_PAIR_MAX_SIZE);
} else
-#endif /* MBEDTLS_ECP_LIGHT */
#if defined(MBEDTLS_ASN1_PARSE_C)
if (type == PSA_KEY_TYPE_RSA_PUBLIC_KEY) {
@@ -766,7 +764,6 @@
} else
#endif /* MBEDTLS_ASN1_PARSE_C */
-#if defined(MBEDTLS_ECP_LIGHT)
if (PSA_KEY_TYPE_IS_ECC_PUBLIC_KEY(type)) {
TEST_ASSERT(exported_length <=
@@ -792,10 +789,7 @@
TEST_EQUAL(1 + 2 * PSA_BITS_TO_BYTES(bits), exported_length);
TEST_EQUAL(exported[0], 4);
}
- } else
-#endif /* MBEDTLS_ECP_LIGHT */
-
- {
+ } else {
(void) exported;
TEST_ASSERT(!"Sanity check not implemented for this key type");
}
diff --git a/tests/suites/test_suite_ecp.function b/tests/suites/test_suite_ecp.function
index 87cd0f3..898240e 100644
--- a/tests/suites/test_suite_ecp.function
+++ b/tests/suites/test_suite_ecp.function
@@ -1355,6 +1355,84 @@
}
/* END_CASE */
+/* BEGIN_CASE depends_on:MBEDTLS_TEST_HOOKS:MBEDTLS_ECP_DP_SECP192K1_ENABLED */
+void ecp_mod_p192k1(char *input_N,
+ char *input_X,
+ char *result)
+{
+ mbedtls_mpi X;
+ mbedtls_mpi N;
+ mbedtls_mpi res;
+
+ mbedtls_mpi_init(&X);
+ mbedtls_mpi_init(&N);
+ mbedtls_mpi_init(&res);
+
+ TEST_EQUAL(mbedtls_test_read_mpi(&X, input_X), 0);
+ TEST_EQUAL(mbedtls_test_read_mpi(&N, input_N), 0);
+ TEST_EQUAL(mbedtls_test_read_mpi(&res, result), 0);
+
+ TEST_ASSERT(mbedtls_mpi_core_uint_le_mpi(0, X.p, X.n));
+ TEST_ASSERT(mbedtls_mpi_core_uint_le_mpi(0, N.p, N.n));
+ TEST_ASSERT(mbedtls_mpi_core_uint_le_mpi(0, res.p, res.n));
+
+ size_t limbs = N.n;
+ size_t bytes = limbs * sizeof(mbedtls_mpi_uint);
+
+ TEST_EQUAL(X.n, 2 * limbs);
+ TEST_EQUAL(res.n, limbs);
+
+ TEST_EQUAL(mbedtls_ecp_mod_p192k1(&X), 0);
+ TEST_EQUAL(mbedtls_mpi_mod_mpi(&X, &X, &N), 0);
+ TEST_LE_U(mbedtls_mpi_core_bitlen(X.p, X.n), 192);
+ ASSERT_COMPARE(X.p, bytes, res.p, bytes);
+
+exit:
+ mbedtls_mpi_free(&X);
+ mbedtls_mpi_free(&N);
+ mbedtls_mpi_free(&res);
+}
+/* END_CASE */
+
+/* BEGIN_CASE depends_on:MBEDTLS_TEST_HOOKS:MBEDTLS_ECP_DP_SECP224K1_ENABLED */
+void ecp_mod_p224k1(char *input_N,
+ char *input_X,
+ char *result)
+{
+ mbedtls_mpi X;
+ mbedtls_mpi N;
+ mbedtls_mpi res;
+
+ mbedtls_mpi_init(&X);
+ mbedtls_mpi_init(&N);
+ mbedtls_mpi_init(&res);
+
+ TEST_EQUAL(mbedtls_test_read_mpi(&X, input_X), 0);
+ TEST_EQUAL(mbedtls_test_read_mpi(&N, input_N), 0);
+ TEST_EQUAL(mbedtls_test_read_mpi(&res, result), 0);
+
+ TEST_ASSERT(mbedtls_mpi_core_uint_le_mpi(0, X.p, X.n));
+ TEST_ASSERT(mbedtls_mpi_core_uint_le_mpi(0, N.p, N.n));
+ TEST_ASSERT(mbedtls_mpi_core_uint_le_mpi(0, res.p, res.n));
+
+ size_t limbs = N.n;
+ size_t bytes = limbs * sizeof(mbedtls_mpi_uint);
+
+ TEST_LE_U(X.n, 448 / biL);
+ TEST_EQUAL(res.n, limbs);
+
+ TEST_EQUAL(mbedtls_ecp_mod_p224k1(&X), 0);
+ TEST_EQUAL(mbedtls_mpi_mod_mpi(&X, &X, &N), 0);
+ TEST_LE_U(mbedtls_mpi_core_bitlen(X.p, X.n), 224);
+ ASSERT_COMPARE(X.p, bytes, res.p, bytes);
+
+exit:
+ mbedtls_mpi_free(&X);
+ mbedtls_mpi_free(&N);
+ mbedtls_mpi_free(&res);
+}
+/* END_CASE */
+
/* BEGIN_CASE depends_on:MBEDTLS_TEST_HOOKS */
void ecp_mod_setup(char *input_A, int id, int ctype, int iret)
{
diff --git a/tests/suites/test_suite_psa_crypto_pake.data b/tests/suites/test_suite_psa_crypto_pake.data
index 6215703..c467d01 100644
--- a/tests/suites/test_suite_psa_crypto_pake.data
+++ b/tests/suites/test_suite_psa_crypto_pake.data
@@ -82,10 +82,14 @@
depends_on:PSA_WANT_KEY_TYPE_ECC_KEY_PAIR:PSA_WANT_ECC_SECP_R1_256:PSA_WANT_ALG_SHA_256
ecjpake_setup:PSA_ALG_JPAKE:PSA_KEY_TYPE_PASSWORD:PSA_KEY_USAGE_DERIVE:PSA_PAKE_PRIMITIVE(PSA_PAKE_PRIMITIVE_TYPE_ECC, PSA_ECC_FAMILY_SECP_R1, 256):PSA_ALG_SHA_256:"client":"server":1:ERR_INJECT_INVALID_FIRST_STEP:PSA_ERROR_BAD_STATE
-PSA PAKE: input buffer too large
+PSA PAKE: input buffer too large #1
depends_on:PSA_WANT_KEY_TYPE_ECC_KEY_PAIR:PSA_WANT_ECC_SECP_R1_256:PSA_WANT_ALG_SHA_256
ecjpake_setup:PSA_ALG_JPAKE:PSA_KEY_TYPE_PASSWORD:PSA_KEY_USAGE_DERIVE:PSA_PAKE_PRIMITIVE(PSA_PAKE_PRIMITIVE_TYPE_ECC, PSA_ECC_FAMILY_SECP_R1, 256):PSA_ALG_SHA_256:"client":"server":1:ERR_INJECT_WRONG_BUFFER_SIZE:PSA_ERROR_INVALID_ARGUMENT
+PSA PAKE: input buffer too large #2
+depends_on:PSA_WANT_KEY_TYPE_ECC_KEY_PAIR:PSA_WANT_ECC_SECP_R1_256:PSA_WANT_ALG_SHA_256
+ecjpake_setup:PSA_ALG_JPAKE:PSA_KEY_TYPE_PASSWORD:PSA_KEY_USAGE_DERIVE:PSA_PAKE_PRIMITIVE(PSA_PAKE_PRIMITIVE_TYPE_ECC, PSA_ECC_FAMILY_SECP_R1, 256):PSA_ALG_SHA_256:"client":"server":1:ERR_INJECT_WRONG_BUFFER_SIZE_2:PSA_ERROR_INVALID_ARGUMENT
+
PSA PAKE: invalid output
depends_on:PSA_WANT_KEY_TYPE_ECC_KEY_PAIR:PSA_WANT_ECC_SECP_R1_256:PSA_WANT_ALG_SHA_256
ecjpake_setup:PSA_ALG_JPAKE:PSA_KEY_TYPE_PASSWORD:PSA_KEY_USAGE_DERIVE:PSA_PAKE_PRIMITIVE(PSA_PAKE_PRIMITIVE_TYPE_ECC, PSA_ECC_FAMILY_SECP_R1, 256):PSA_ALG_SHA_256:"client":"server":0:ERR_INJECT_EMPTY_IO_BUFFER:PSA_ERROR_INVALID_ARGUMENT
diff --git a/tests/suites/test_suite_psa_crypto_pake.function b/tests/suites/test_suite_psa_crypto_pake.function
index 88f24dd..ecbd363 100644
--- a/tests/suites/test_suite_psa_crypto_pake.function
+++ b/tests/suites/test_suite_psa_crypto_pake.function
@@ -17,6 +17,7 @@
ERR_INJECT_UNKNOWN_STEP,
ERR_INJECT_INVALID_FIRST_STEP,
ERR_INJECT_WRONG_BUFFER_SIZE,
+ ERR_INJECT_WRONG_BUFFER_SIZE_2,
ERR_INJECT_VALID_OPERATION_AFTER_FAILURE,
ERR_INJECT_ANTICIPATE_KEY_DERIVATION_1,
ERR_INJECT_ANTICIPATE_KEY_DERIVATION_2,
@@ -670,6 +671,11 @@
output_buffer, size_zk_public + 1),
ERR_INJECT_WRONG_BUFFER_SIZE);
+ SETUP_CONDITIONAL_CHECK_STEP(psa_pake_input(&operation,
+ PSA_PAKE_STEP_ZK_PROOF,
+ output_buffer, size_zk_proof + 1),
+ ERR_INJECT_WRONG_BUFFER_SIZE_2);
+
SETUP_CONDITIONAL_CHECK_STEP(
(psa_pake_input(&operation, PSA_PAKE_STEP_ZK_PUBLIC,
output_buffer, size_zk_public + 1),
diff --git a/tests/suites/test_suite_x509parse.data b/tests/suites/test_suite_x509parse.data
index c1f66f6..a6b001f 100644
--- a/tests/suites/test_suite_x509parse.data
+++ b/tests/suites/test_suite_x509parse.data
@@ -1023,6 +1023,119 @@
depends_on:MBEDTLS_PEM_PARSE_C:MBEDTLS_PK_CAN_ECDSA_VERIFY:MBEDTLS_MD_CAN_SHA256:MBEDTLS_ECP_DP_SECP256R1_ENABLED:MBEDTLS_RSA_C
x509_verify:"data_files/server5-tricky-ip-san.crt":"data_files/server5-tricky-ip-san.crt":"data_files/crl_sha256.pem":"abcd.example.com":MBEDTLS_ERR_X509_CERT_VERIFY_FAILED:MBEDTLS_X509_BADCERT_CN_MISMATCH:"":"NULL"
+X509 CRT verification: matching IPv4 in SubjectAltName
+depends_on:MBEDTLS_PEM_PARSE_C:MBEDTLS_PK_CAN_ECDSA_SOME:MBEDTLS_MD_CAN_SHA256:MBEDTLS_ECP_DP_SECP256R1_ENABLED:MBEDTLS_RSA_C
+x509_verify:"data_files/server5-tricky-ip-san.crt":"data_files/server5-tricky-ip-san.crt":"data_files/crl_sha256.pem":"97.98.99.100":0:0:"":"NULL"
+
+X509 CRT verification: mismatching IPv4 in SubjectAltName
+depends_on:MBEDTLS_PEM_PARSE_C:MBEDTLS_PK_CAN_ECDSA_SOME:MBEDTLS_MD_CAN_SHA256:MBEDTLS_ECP_DP_SECP256R1_ENABLED:MBEDTLS_RSA_C
+x509_verify:"data_files/server5-tricky-ip-san.crt":"data_files/server5-tricky-ip-san.crt":"data_files/crl_sha256.pem":"7.8.9.10":MBEDTLS_ERR_X509_CERT_VERIFY_FAILED:MBEDTLS_X509_BADCERT_CN_MISMATCH:"":"NULL"
+
+X509 CRT verification: IPv4 with trailing data in SubjectAltName
+depends_on:MBEDTLS_PEM_PARSE_C:MBEDTLS_PK_CAN_ECDSA_SOME:MBEDTLS_MD_CAN_SHA256:MBEDTLS_ECP_DP_SECP256R1_ENABLED:MBEDTLS_RSA_C
+x509_verify:"data_files/server5-tricky-ip-san.crt":"data_files/server5-tricky-ip-san.crt":"data_files/crl_sha256.pem":"97.98.99.100?":MBEDTLS_ERR_X509_CERT_VERIFY_FAILED:MBEDTLS_X509_BADCERT_CN_MISMATCH:"":"NULL"
+
+X509 CRT verification: matching IPv6 in SubjectAltName
+depends_on:MBEDTLS_PEM_PARSE_C:MBEDTLS_PK_CAN_ECDSA_SOME:MBEDTLS_MD_CAN_SHA256:MBEDTLS_ECP_DP_SECP256R1_ENABLED:MBEDTLS_RSA_C
+x509_verify:"data_files/server5-tricky-ip-san.crt":"data_files/server5-tricky-ip-san.crt":"data_files/crl_sha256.pem":"6162\:6364\:2E65\:7861\:6D70\:6C65\:2E63\:6F6D":0:0:"":"NULL"
+
+X509 CRT verification: mismatching IPv6 in SubjectAltName
+depends_on:MBEDTLS_PEM_PARSE_C:MBEDTLS_PK_CAN_ECDSA_SOME:MBEDTLS_MD_CAN_SHA256:MBEDTLS_ECP_DP_SECP256R1_ENABLED:MBEDTLS_RSA_C
+x509_verify:"data_files/server5-tricky-ip-san.crt":"data_files/server5-tricky-ip-san.crt":"data_files/crl_sha256.pem":"6162\:6364\:\:6F6D":MBEDTLS_ERR_X509_CERT_VERIFY_FAILED:MBEDTLS_X509_BADCERT_CN_MISMATCH:"":"NULL"
+
+X509 CRT parse CN: IPv4 valid address
+x509_crt_parse_cn_inet_pton:"10.10.10.10":"0A0A0A0A":4
+
+X509 CRT parse CN: IPv4 excess 0s
+x509_crt_parse_cn_inet_pton:"10.0000.10.10":"":0
+
+X509 CRT parse CN: IPv4 short address
+x509_crt_parse_cn_inet_pton:"10.10.10":"":0
+
+X509 CRT parse CN: IPv4 invalid ? char
+x509_crt_parse_cn_inet_pton:"10.10?10.10":"":0
+
+X509 CRT parse CN: IPv4 invalid - char
+x509_crt_parse_cn_inet_pton:"10.-10.10.10":"":0
+
+X509 CRT parse CN: IPv4 invalid + char
+x509_crt_parse_cn_inet_pton:"10.+10.10.10":"":0
+
+X509 CRT parse CN: IPv4 begin dot
+x509_crt_parse_cn_inet_pton:".10.10.10.10":"":0
+
+X509 CRT parse CN: IPv4 end dot
+x509_crt_parse_cn_inet_pton:"10.10.10.10.":"":0
+
+X509 CRT parse CN: IPv4 consecutive dots
+x509_crt_parse_cn_inet_pton:"10.10..10.10.":"":0
+
+X509 CRT parse CN: IPv4 overlarge octet 256
+x509_crt_parse_cn_inet_pton:"10.256.10.10":"":0
+
+X509 CRT parse CN: IPv4 overlarge octet 999
+x509_crt_parse_cn_inet_pton:"10.10.10.999":"":0
+
+X509 CRT parse CN: IPv4 overlarge octet 1000
+x509_crt_parse_cn_inet_pton:"10.1000.10.10":"":0
+
+X509 CRT parse CN: IPv4 additional octet
+x509_crt_parse_cn_inet_pton:"10.10.10.10.10":"":0
+
+X509 CRT parse CN: IPv6 valid address
+x509_crt_parse_cn_inet_pton:"1\:2\:3\:4\:5\:6\:7\:8":"00010002000300040005000600070008":16
+
+X509 CRT parse CN: IPv6 valid address shorthand
+x509_crt_parse_cn_inet_pton:"6263\:\:1":"62630000000000000000000000000001":16
+
+X509 CRT parse CN: IPv6 valid address shorthand start
+x509_crt_parse_cn_inet_pton:"\:\:1":"00000000000000000000000000000001":16
+
+X509 CRT parse CN: IPv6 valid address extra 0s
+x509_crt_parse_cn_inet_pton:"0001\:\:0001\:0001":"00010000000000000000000000010001":16
+
+X509 CRT parse CN: IPv6 invalid address excess 0s
+x509_crt_parse_cn_inet_pton:"1\:00000\:1\:0":"":0
+
+X509 CRT parse CN: IPv6 invalid address - start single colon
+x509_crt_parse_cn_inet_pton:"\:6263\:\:1":"":0
+
+X509 CRT parse CN: IPv6 invalid address - end single colon
+x509_crt_parse_cn_inet_pton:"6263\:\:1\:":"":0
+
+X509 CRT parse CN: IPv6 short address
+x509_crt_parse_cn_inet_pton:"1\:1\:1":"":0
+
+X509 CRT parse CN: IPv6 wildcard address
+x509_crt_parse_cn_inet_pton:"\:\:":"00000000000000000000000000000000":16
+
+X509 CRT parse CN: IPv6 address too long
+x509_crt_parse_cn_inet_pton:"1\:2\:3\:4\:5\:6\:7\:8\:9":"":0
+
+X509 CRT parse CN: IPv6 long hextet
+x509_crt_parse_cn_inet_pton:"12345\:\:1":"":0
+
+X509 CRT parse CN: IPv6 invalid char
+x509_crt_parse_cn_inet_pton:"\:\:\:1":"":0
+
+X509 CRT parse CN: IPv6 invalid - char
+x509_crt_parse_cn_inet_pton:"\:\:-1\:1":"":0
+
+X509 CRT parse CN: IPv6 invalid + char
+x509_crt_parse_cn_inet_pton:"\:\:+1\:1":"":0
+
+X509 CRT parse CN: IPv6 valid address IPv4-mapped
+x509_crt_parse_cn_inet_pton:"\:\:ffff\:1.2.3.4":"00000000000000000000ffff01020304":16
+
+X509 CRT parse CN: IPv6 invalid address IPv4-mapped #1
+x509_crt_parse_cn_inet_pton:"\:\:ffff\:999.2.3.4":"":0
+
+X509 CRT parse CN: IPv6 invalid address IPv4-mapped #2
+x509_crt_parse_cn_inet_pton:"\:\:ffff\:1111.2.3.4":"":0
+
+X509 CRT parse CN: IPv6 invalid address IPv4-mapped #3
+x509_crt_parse_cn_inet_pton:"\:\:1.2.3.4\:ffff":"":0
+
X509 CRT verification with ca callback: failure
depends_on:MBEDTLS_PEM_PARSE_C:MBEDTLS_MD_CAN_SHA1:MBEDTLS_RSA_C:MBEDTLS_PKCS1_V15:MBEDTLS_X509_TRUSTED_CERTIFICATE_CALLBACK
x509_verify_ca_cb_failure:"data_files/server1.crt":"data_files/test-ca.crt":"NULL":MBEDTLS_ERR_X509_FATAL_ERROR
diff --git a/tests/suites/test_suite_x509parse.function b/tests/suites/test_suite_x509parse.function
index 177bc97..905d62f 100644
--- a/tests/suites/test_suite_x509parse.function
+++ b/tests/suites/test_suite_x509parse.function
@@ -11,6 +11,8 @@
#include "mbedtls/pk.h"
#include "string.h"
+#include "x509_invasive.h"
+
#if MBEDTLS_X509_MAX_INTERMEDIATE_CA > 19
#error "The value of MBEDTLS_X509_MAX_INTERMEDIATE_C is larger \
than the current threshold 19. To test larger values, please \
@@ -436,6 +438,19 @@
}
/* END_CASE */
+/* BEGIN_CASE depends_on:MBEDTLS_X509_CRT_PARSE_C:MBEDTLS_TEST_HOOKS */
+void x509_crt_parse_cn_inet_pton(const char *cn, data_t *exp, int ref_ret)
+{
+ uint32_t addr[4];
+ size_t addrlen = mbedtls_x509_crt_parse_cn_inet_pton(cn, addr);
+ TEST_EQUAL(addrlen, (size_t) ref_ret);
+
+ if (addrlen) {
+ ASSERT_COMPARE(exp->x, exp->len, addr, addrlen);
+ }
+}
+/* END_CASE */
+
/* BEGIN_CASE depends_on:MBEDTLS_FS_IO:MBEDTLS_X509_CRT_PARSE_C */
void x509_parse_san(char *crt_file, char *result_str, int parse_result)
{